Details of VAR-201609-0011

ID

VAR-201609-0011

CVE

CVE-2016-0917

TITLE

plural EMC VNX Product SMB Vulnerability in arbitrary code execution in service

Trust: 0.8

sources: JVNDB: JVNDB-2016-004864

DESCRIPTION

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. Multiple EMC Products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. EMC VNX2 File OE and others are all hybrid storage platforms of EMC. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ESA-2016-096: EMC Celerra, VNX1, VNX2 and VNXe SMB NTLM Authentication Weak Nonce Vulnerability EMC Identifier: ESA-2016-096 CVE Identifier: CVE-2016-0917 Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) Affected products: EMC Software: EMC VNX2 File OE versions prior to 8.1.9.155 EMC Software: EMC VNX1 File OE versions prior to 7.1.80.3 EMC Software: EMC VNXe (all supported versions) EMC Software: EMC Celerra (all supported versions)Note: EMC Unity (all versions) is not affected by this issue. Summary: SMB implementation in EMC Celerra, VNX1, VNX2 and VNXe are affected by an NTLM authentication weak nonce vulnerability that could potentially be exploited by malicious users to compromise the affected system. Details: An unauthenticated remote attacker may potentially exploit the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges/nonces to potentially access the SMB service of the target system under the credentials of an authorized user. This issue is similar to the Microsoft Windows SMB implementation issue that is described under CVE-2010-0231 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0231). Resolution: The following releases contain resolutions for this issue: - - EMC VNX2 File OE versions 8.1.9.155 - - EMC VNX1 File OE versions 7.1.80.3 EMC recommends all customers upgrade at the earliest opportunity. This advisory will be updated when fixes for EMC VNXe will be available. There is currently no plan to release fixes for EMC Celerra based on the current support lifecycle of the product. Workaround: Customers that are unable to upgrade should use Kerberos authentication instead of NTLM. Link to remedies: Registered EMC Support customers can download EMC VNX2 and VNX1 software from the EMC Online Support web site at https://support.emc.com. [The following is standard text included in all security advisories. Please do not change or delete.] Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJX4AB5AAoJEHbcu+fsE81ZhUQIAKH6Sf0wN3aaJ3h7zd0WRO57 HF1+PfQyE3eG2pcLYqC4kVYBD6q8uXHrWqo8mvj5GmX5JZGfJfoUjYG5YRjBGvSU 1lU9y7UB4sF0cRKLtcv7MjKvjzCV5YTmqP4XR2kp3NSqLwTThUVlMdu333F5tc5b FAvgk2QtdxLHh/KS8gd65K6Mu5dAQqy3oIDFw8s/TMemJwOX/1859rXQZ7Kt/3fZ IDnHxxWzvvvxTrvngLO0zcGPE8yq6WikXDgosZm9vgELYgEDFlpXppaLO5ZHK2Ob UIIIanWTLCWSSo9K7d7Z2TCle7QYbdBe5aNEKEN+YzwUNMJV2xhn2CQ/GL7gwD4= =Uueq -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2016-0917 // JVNDB: JVNDB-2016-004864 // BID: 93023 // VULHUB: VHN-88427 // VULMON: CVE-2016-0917 // PACKETSTORM: 138779

AFFECTED PRODUCTS

vendor:	emc	model:	vnx2 oe	scope:	eq	version:	-	Trust: 1.6
vendor:	emc	model:	vnxe oe	scope:	eq	version:	-	Trust: 1.6
vendor:	emc	model:	vnx1 oe	scope:	eq	version:	-	Trust: 1.6
vendor:	dell emc old emc	model:	celerra software	scope:	eq	version:	all supported	Trust: 0.8
vendor:	dell emc old emc	model:	vnx1 file oe software	scope:	lt	version:	7.1.80.3	Trust: 0.8
vendor:	dell emc old emc	model:	vnx2 file oe software	scope:	lt	version:	8.1.9.155	Trust: 0.8
vendor:	dell emc old emc	model:	vnx5200	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnx5400	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnx5600	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnx5800	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe software	scope:	eq	version:	all supported	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe1600	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe3100	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe3150	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe3200	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe3200 hybrid	scope:	-	version:	-	Trust: 0.8
vendor:	dell emc old emc	model:	vnxe3300	scope:	-	version:	-	Trust: 0.8
vendor:	emc	model:	vnxe3300	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	emc	model:	vnxe3200	scope:	eq	version:	3.1.0	Trust: 0.3
vendor:	emc	model:	vnxe3150	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	emc	model:	vnxe3100	scope:	eq	version:	2.4.0	Trust: 0.3
vendor:	emc	model:	vnx2	scope:	eq	version:	8.0	Trust: 0.3
vendor:	emc	model:	vnx1	scope:	eq	version:	7.0	Trust: 0.3
vendor:	emc	model:	celerra	scope:	eq	version:	0	Trust: 0.3
vendor:	emc	model:	vnxe3300	scope:	ne	version:	2.4.4.22638	Trust: 0.3
vendor:	emc	model:	vnxe3200	scope:	ne	version:	3.1.5.8711957	Trust: 0.3
vendor:	emc	model:	vnxe3150	scope:	ne	version:	2.4.4.22638	Trust: 0.3
vendor:	emc	model:	vnxe3100	scope:	ne	version:	2.4.4.22638	Trust: 0.3
vendor:	emc	model:	vnx2	scope:	ne	version:	8.1.9.155	Trust: 0.3
vendor:	emc	model:	vnx1	scope:	ne	version:	7.1.80.3	Trust: 0.3

sources: BID: 93023 // JVNDB: JVNDB-2016-004864 // CNNVD: CNNVD-201609-399 // NVD: CVE-2016-0917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0917
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-0917
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201609-399
value:	HIGH
Trust: 0.6
VULHUB:	VHN-88427
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-0917
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-0917
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-88427
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0917
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-88427 // VULMON: CVE-2016-0917 // JVNDB: JVNDB-2016-004864 // CNNVD: CNNVD-201609-399 // NVD: CVE-2016-0917

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-88427 // JVNDB: JVNDB-2016-004864 // NVD: CVE-2016-0917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-399

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201609-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004864

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88427

PATCH

title:	EMC VNXファミリー	url:	https://www.emc.com/ja-jp/storage/vnx.htm	Trust: 0.8
title:	Multiple EMC Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64193	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2017/01/11/emc_slings_patch_at_remote_hack_noncense/	Trust: 0.2

sources: VULMON: CVE-2016-0917 // JVNDB: JVNDB-2016-004864 // CNNVD: CNNVD-201609-399

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0917	Trust: 3.0
db:	BID	id:	93023	Trust: 2.1
db:	SECTRACK	id:	1036843	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-004864	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-399	Trust: 0.7
db:	PACKETSTORM	id:	138779	Trust: 0.2
db:	VULHUB	id:	VHN-88427	Trust: 0.1
db:	VULMON	id:	CVE-2016-0917	Trust: 0.1

sources: VULHUB: VHN-88427 // VULMON: CVE-2016-0917 // BID: 93023 // JVNDB: JVNDB-2016-004864 // PACKETSTORM: 138779 // CNNVD: CNNVD-201609-399 // NVD: CVE-2016-0917

REFERENCES

url:	http://seclists.org/bugtraq/2016/sep/32	Trust: 2.6
url:	http://www.securityfocus.com/bid/93023	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/539993/30/0/threaded	Trust: 1.2
url:	http://www.securitytracker.com/id/1036843	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0917	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0917	Trust: 0.8
url:	http://www.emc.com/	Trust: 0.3
url:	http://seclists.org/bugtraq/2016/sep/att-32/esa-2016-096.txt	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=48967	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://support.emc.com.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0917	Trust: 0.1
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0231).	Trust: 0.1

sources: VULHUB: VHN-88427 // VULMON: CVE-2016-0917 // BID: 93023 // JVNDB: JVNDB-2016-004864 // PACKETSTORM: 138779 // CNNVD: CNNVD-201609-399 // NVD: CVE-2016-0917

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 93023

SOURCES

db:	VULHUB	id:	VHN-88427
db:	VULMON	id:	CVE-2016-0917
db:	BID	id:	93023
db:	JVNDB	id:	JVNDB-2016-004864
db:	PACKETSTORM	id:	138779
db:	CNNVD	id:	CNNVD-201609-399
db:	NVD	id:	CVE-2016-0917

LAST UPDATE DATE

2025-04-13T20:11:46.787000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88427	date:	2017-07-30T00:00:00
db:	VULMON	id:	CVE-2016-0917	date:	2017-07-30T00:00:00
db:	BID	id:	93023	date:	2017-01-12T00:14:00
db:	JVNDB	id:	JVNDB-2016-004864	date:	2016-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201609-399	date:	2016-09-21T00:00:00
db:	NVD	id:	CVE-2016-0917	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88427	date:	2016-09-21T00:00:00
db:	VULMON	id:	CVE-2016-0917	date:	2016-09-21T00:00:00
db:	BID	id:	93023	date:	2016-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2016-004864	date:	2016-09-27T00:00:00
db:	PACKETSTORM	id:	138779	date:	2016-09-19T23:24:39
db:	CNNVD	id:	CNNVD-201609-399	date:	2016-09-20T00:00:00
db:	NVD	id:	CVE-2016-0917	date:	2016-09-21T02:59:05.663